Class: Win32::Security::SID
- Inherits:
-
Object
- Object
- Win32::Security::SID
- Extended by:
- Windows::Security::Functions
- Defined in:
- lib/win32/security/sid.rb
Overview
The SID class encapsulates a Security Identifier.
Constant Summary collapse
- VERSION =
The version of the Win32::Security::SID class.
'0.2.0'
- Null =
Some constant SID’s for your convenience, in string format. See support.microsoft.com/kb/243330 for details.
'S-1-0'
- Nobody =
'S-1-0-0'
- World =
'S-1-1'
- Everyone =
'S-1-1-0'
- Local =
'S-1-2'
- Creator =
'S-1-3'
- CreatorOwner =
'S-1-3-0'
- CreatorGroup =
'S-1-3-1'
- CreatorOwnerServer =
'S-1-3-2'
- CreatorGroupServer =
'S-1-3-3'
- NonUnique =
'S-1-4'
- Nt =
'S-1-5'
- Dialup =
'S-1-5-1'
- Network =
'S-1-5-2'
- Batch =
'S-1-5-3'
- Interactive =
'S-1-5-4'
- Service =
'S-1-5-6'
- Anonymous =
'S-1-5-7'
- Proxy =
'S-1-5-8'
- EnterpriseDomainControllers =
'S-1-5-9'
- PrincipalSelf =
'S-1-5-10'
- AuthenticatedUsers =
'S-1-5-11'
- RestrictedCode =
'S-1-5-12'
- TerminalServerUsers =
'S-1-5-13'
- LocalSystem =
'S-1-5-18'
- NtLocal =
'S-1-5-19'
- NtNetwork =
'S-1-5-20'
- BuiltinAdministrators =
'S-1-5-32-544'
- BuiltinUsers =
'S-1-5-32-545'
- Guests =
'S-1-5-32-546'
- PowerUsers =
'S-1-5-32-547'
- AccountOperators =
'S-1-5-32-548'
- ServerOperators =
'S-1-5-32-549'
- PrintOperators =
'S-1-5-32-550'
- BackupOperators =
'S-1-5-32-551'
- Replicators =
'S-1-5-32-552'
Constants included from Windows::Security::Constants
Windows::Security::Constants::ACL_REVISION, Windows::Security::Constants::ACL_REVISION1, Windows::Security::Constants::ACL_REVISION2, Windows::Security::Constants::ACL_REVISION3, Windows::Security::Constants::ACL_REVISION4, Windows::Security::Constants::AclRevisionInformation, Windows::Security::Constants::AclSizeInformation, Windows::Security::Constants::DOMAIN_ALIAS_RID_ACCOUNT_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_ADMINS, Windows::Security::Constants::DOMAIN_ALIAS_RID_AUTHORIZATIONACCESS, Windows::Security::Constants::DOMAIN_ALIAS_RID_BACKUP_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_DCOM_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_GUESTS, Windows::Security::Constants::DOMAIN_ALIAS_RID_INCOMING_FOREST_TRUST_BUILDERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_LOGGING_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_MONITORING_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_POWER_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_PREW2KCOMPACCESS, Windows::Security::Constants::DOMAIN_ALIAS_RID_PRINT_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_RAS_SERVERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_REPLICATOR, Windows::Security::Constants::DOMAIN_ALIAS_RID_SYSTEM_OPS, Windows::Security::Constants::DOMAIN_ALIAS_RID_TS_LICENSE_SERVERS, Windows::Security::Constants::DOMAIN_ALIAS_RID_USERS, Windows::Security::Constants::DOMAIN_GROUP_RID_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_CERT_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_COMPUTERS, Windows::Security::Constants::DOMAIN_GROUP_RID_CONTROLLERS, Windows::Security::Constants::DOMAIN_GROUP_RID_ENTERPRISE_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_GUESTS, Windows::Security::Constants::DOMAIN_GROUP_RID_POLICY_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_SCHEMA_ADMINS, Windows::Security::Constants::DOMAIN_GROUP_RID_USERS, Windows::Security::Constants::DOMAIN_USER_RID_ADMIN, Windows::Security::Constants::DOMAIN_USER_RID_GUEST, Windows::Security::Constants::DOMAIN_USER_RID_KRBTGT, Windows::Security::Constants::DOMAIN_USER_RID_MAX, Windows::Security::Constants::ERROR_NO_TOKEN, Windows::Security::Constants::FOREST_USER_RID_MAX, Windows::Security::Constants::SECURITY_ANONYMOUS_LOGON_RID, Windows::Security::Constants::SECURITY_AUTHENTICATED_USER_RID, Windows::Security::Constants::SECURITY_BATCH_RID, Windows::Security::Constants::SECURITY_BUILTIN_DOMAIN_RID, Windows::Security::Constants::SECURITY_CREATOR_GROUP_RID, Windows::Security::Constants::SECURITY_CREATOR_GROUP_SERVER_RID, Windows::Security::Constants::SECURITY_CREATOR_OWNER_RID, Windows::Security::Constants::SECURITY_CREATOR_OWNER_SERVER_RID, Windows::Security::Constants::SECURITY_CREATOR_SID_AUTHORITY, Windows::Security::Constants::SECURITY_DIALUP_RID, Windows::Security::Constants::SECURITY_ENTERPRISE_CONTROLLERS_RID, Windows::Security::Constants::SECURITY_INTERACTIVE_RID, Windows::Security::Constants::SECURITY_LOCAL_RID, Windows::Security::Constants::SECURITY_LOCAL_SERVICE_RID, Windows::Security::Constants::SECURITY_LOCAL_SID_AUTHORITY, Windows::Security::Constants::SECURITY_LOCAL_SYSTEM_RID, Windows::Security::Constants::SECURITY_LOGON_IDS_RID, Windows::Security::Constants::SECURITY_LOGON_IDS_RID_COUNT, Windows::Security::Constants::SECURITY_MAX_ALWAYS_FILTERED, Windows::Security::Constants::SECURITY_MIN_NEVER_FILTERED, Windows::Security::Constants::SECURITY_NETWORK_RID, Windows::Security::Constants::SECURITY_NETWORK_SERVICE_RID, Windows::Security::Constants::SECURITY_NON_UNIQUE_AUTHORITY, Windows::Security::Constants::SECURITY_NT_AUTHORITY, Windows::Security::Constants::SECURITY_NT_NON_UNIQUE, Windows::Security::Constants::SECURITY_NT_NON_UNIQUE_SUB_AUTH_COUNT, Windows::Security::Constants::SECURITY_NULL_RID, Windows::Security::Constants::SECURITY_NULL_SID_AUTHORITY, Windows::Security::Constants::SECURITY_OTHER_ORGANIZATION_RID, Windows::Security::Constants::SECURITY_PACKAGE_BASE_RID, Windows::Security::Constants::SECURITY_PACKAGE_DIGEST_RID, Windows::Security::Constants::SECURITY_PACKAGE_NTLM_RID, Windows::Security::Constants::SECURITY_PACKAGE_RID_COUNT, Windows::Security::Constants::SECURITY_PACKAGE_SCHANNEL_RID, Windows::Security::Constants::SECURITY_PRINCIPAL_SELF_RID, Windows::Security::Constants::SECURITY_PROXY_RID, Windows::Security::Constants::SECURITY_REMOTE_LOGON_RID, Windows::Security::Constants::SECURITY_RESOURCE_MANAGER_AUTHORITY, Windows::Security::Constants::SECURITY_RESTRICTED_CODE_RID, Windows::Security::Constants::SECURITY_SERVER_LOGON_RID, Windows::Security::Constants::SECURITY_SERVICE_RID, Windows::Security::Constants::SECURITY_TERMINAL_SERVER_RID, Windows::Security::Constants::SECURITY_THIS_ORGANIZATION_RID, Windows::Security::Constants::SECURITY_WORLD_RID, Windows::Security::Constants::SECURITY_WORLD_SID_AUTHORITY, Windows::Security::Constants::SidTypeAlias, Windows::Security::Constants::SidTypeComputer, Windows::Security::Constants::SidTypeDeletedAccount, Windows::Security::Constants::SidTypeDomain, Windows::Security::Constants::SidTypeGroup, Windows::Security::Constants::SidTypeInvalid, Windows::Security::Constants::SidTypeUnknown, Windows::Security::Constants::SidTypeUser, Windows::Security::Constants::SidTypeWellKnownGroup, Windows::Security::Constants::TOKEN_QUERY
Instance Attribute Summary collapse
-
#account ⇒ Object
readonly
The account name passed to the constructor.
-
#account_type ⇒ Object
readonly
The SID account type, e.g.
-
#domain ⇒ Object
readonly
The domain the SID is on.
-
#host ⇒ Object
readonly
The host passed to the constructor, or the localhost if none was specified.
-
#sid ⇒ Object
readonly
The binary SID object itself.
Class Method Summary collapse
-
.create(authority, *sub_authorities) ⇒ Object
Creates a new SID with
authority
and up to 8subauthorities
, and returns new Win32::Security::SID object. -
.open(account = nil, host = Socket.gethostname) ⇒ Object
Synonym for SID.new.
-
.sid_to_string(sid) ⇒ Object
Converts a binary SID to a string in S-R-I-S-S…
-
.string_to_sid(string) ⇒ Object
Converts a string in S-R-I-S-S…
Instance Method Summary collapse
-
#==(other) ⇒ Object
Returns whether or not the SID object is equal to
other
. -
#initialize(account = nil, host = Socket.gethostname) ⇒ SID
constructor
Creates and returns a new Win32::Security::SID object, based on the account name, which may also be a binary SID.
-
#length ⇒ Object
Returns the length of the SID object, in bytes.
-
#to_s ⇒ Object
(also: #to_str)
Returns the binary SID in string format suitable for display, storage or transmission.
-
#valid? ⇒ Boolean
Returns whether or not the SID is a valid sid.
-
#well_known? ⇒ Boolean
Returns whether or not the SID is a well known SID.
Constructor Details
#initialize(account = nil, host = Socket.gethostname) ⇒ SID
Creates and returns a new Win32::Security::SID object, based on the account name, which may also be a binary SID. If a host is provided, then the information is retrieved from that host. Otherwise, the local host is used.
If no account is provided then it retrieves information for the user account associated with the calling thread and the host argument is ignored.
Note that this does NOT create a new SID, but merely retrieves information for an existing SID. To create a new SID, use the SID.create method.
Examples:
# Current user
Win32::Security::SID.new
# User 'john' on the localhost
Win32::Security::SID.new('john')
# User 'jane' on a remote machine
Win32::Security::SID.new('jane', 'some_host')
# Binary SID
Win32::Security::SID.new("\001\000\000\000\000\000\001\000\000\000\000")
172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 |
# File 'lib/win32/security/sid.rb', line 172 def initialize(account=nil, host=Socket.gethostname) if account.nil? begin ptoken = FFI::MemoryPointer.new(:ulong) # Try the thread token first, default to the process token. bool = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, true, ptoken) if !bool && FFI.errno != ERROR_NO_TOKEN raise SystemCallError.new("OpenThreadToken", FFI.errno) else ptoken = FFI::MemoryPointer.new(:ulong) unless OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, ptoken) raise SystemCallError.new("OpenProcessToken", FFI.errno) end end token = ptoken.read_ulong pinfo = FFI::MemoryPointer.new(:pointer) plength = FFI::MemoryPointer.new(:ulong) # First pass, just get the size needed (1 is TokenOwner) GetTokenInformation(token, 1, pinfo, pinfo.size, plength) pinfo = FFI::MemoryPointer.new(plength.read_ulong) plength = FFI::MemoryPointer.new(:ulong) # Second pass, actual call (1 is TokenOwner) unless GetTokenInformation(token, 1, pinfo, pinfo.size, plength) raise SystemCallError.new("GetTokenInformation", FFI.errno) end token_info = pinfo.read_pointer ensure CloseHandle(token) if token end end if account ordinal_val = account[0] ordinal_val = ordinal_val.ord if RUBY_VERSION.to_f >= 1.9 else ordinal_val = nil end sid = FFI::MemoryPointer.new(:uchar, 260) sid_size = FFI::MemoryPointer.new(:ulong) sid_size.write_ulong(sid.size) domain = FFI::MemoryPointer.new(:uchar, 260) domain_size = FFI::MemoryPointer.new(:ulong) domain_size.write_ulong(domain.size) use_ptr = FFI::MemoryPointer.new(:ulong) if ordinal_val.nil? bool = LookupAccountSid( nil, token_info, sid, sid_size, domain, domain_size, use_ptr ) unless bool raise SystemCallError.new("LookupAccountSid", FFI.errno) end elsif ordinal_val < 10 # Assume it's a binary SID. account_ptr = FFI::MemoryPointer.from_string(account) bool = LookupAccountSid( host, account_ptr, sid, sid_size, domain, domain_size, use_ptr ) unless bool raise SystemCallError.new("LookupAccountSid", FFI.errno) end else bool = LookupAccountName( host, account, sid, sid_size, domain, domain_size, use_ptr ) unless bool raise SystemCallError.new("LookupAccountName", FFI.errno) end end # The arguments are flipped depending on which path we took if ordinal_val.nil? @sid = token_info.read_string @account = sid.read_string(sid.size).strip elsif ordinal_val < 10 @sid = account @account = sid.read_string(sid.size).strip else length = GetLengthSid(sid) @sid = sid.read_string(length) @account = account end @host = host @domain = domain.read_string @account_type = get_account_type(use_ptr.read_ulong) end |
Instance Attribute Details
#account ⇒ Object (readonly)
The account name passed to the constructor.
66 67 68 |
# File 'lib/win32/security/sid.rb', line 66 def account @account end |
#account_type ⇒ Object (readonly)
The SID account type, e.g. ‘user, ’group’, etc.
69 70 71 |
# File 'lib/win32/security/sid.rb', line 69 def account_type @account_type end |
#domain ⇒ Object (readonly)
The domain the SID is on.
72 73 74 |
# File 'lib/win32/security/sid.rb', line 72 def domain @domain end |
#host ⇒ Object (readonly)
The host passed to the constructor, or the localhost if none was specified.
76 77 78 |
# File 'lib/win32/security/sid.rb', line 76 def host @host end |
#sid ⇒ Object (readonly)
The binary SID object itself.
63 64 65 |
# File 'lib/win32/security/sid.rb', line 63 def sid @sid end |
Class Method Details
.create(authority, *sub_authorities) ⇒ Object
Creates a new SID with authority
and up to 8 subauthorities
, and returns new Win32::Security::SID object.
Example:
sec = Security::SID.create(
Security::SID::SECURITY_WORLD_SID_AUTHORITY,
Security::SID::SECURITY_WORLD_RID
)
p sec
#<Win32::Security::SID:0x2c5a95c
@host="your_host",
@account="Everyone",
@account_type="well known group",
@sid="\001\001\000\000\000\000\000\001\000\000\000\000",
@domain=""
>
122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/win32/security/sid.rb', line 122 def self.create(, *) if .length > 8 raise ArgumentError, "maximum of 8 subauthorities allowed" end size = GetSidLengthRequired(.length) sid = FFI::MemoryPointer.new(:uchar, size) auth = SID_IDENTIFIER_AUTHORITY.new auth[:Value][5] = unless InitializeSid(sid, auth, .length) raise SystemCallError.new("InitializeSid", FFI.errno) end .each_index do |i| ptr = GetSidSubAuthority(sid, i) ptr.write_ulong([i]) end new(sid.read_string(size)) # Pass a binary string end |
.open(account = nil, host = Socket.gethostname) ⇒ Object
Synonym for SID.new.
290 291 292 |
# File 'lib/win32/security/sid.rb', line 290 def self.open(account=nil, host=Socket.gethostname) new(account, host) end |
.sid_to_string(sid) ⇒ Object
Converts a binary SID to a string in S-R-I-S-S… format.
80 81 82 83 84 85 86 87 88 |
# File 'lib/win32/security/sid.rb', line 80 def self.sid_to_string(sid) string_sid = FFI::MemoryPointer.new(:pointer) unless ConvertSidToStringSid(sid, string_sid) raise SystemCallError.new("ConvertSidToStringSid", FFI.errno) end string_sid.read_pointer.read_string end |
.string_to_sid(string) ⇒ Object
Converts a string in S-R-I-S-S… format back to a binary SID.
92 93 94 95 96 97 98 99 100 |
# File 'lib/win32/security/sid.rb', line 92 def self.string_to_sid(string) sid = FFI::MemoryPointer.new(:pointer) unless ConvertStringSidToSid(string, sid) raise SystemCallError.new("ConvertStringSidToSid", FFI.errno) end sid.read_pointer.read_string end |
Instance Method Details
#==(other) ⇒ Object
Returns whether or not the SID object is equal to other
.
311 312 313 |
# File 'lib/win32/security/sid.rb', line 311 def ==(other) EqualSid(@sid, other.sid) end |
#length ⇒ Object
Returns the length of the SID object, in bytes.
336 337 338 |
# File 'lib/win32/security/sid.rb', line 336 def length GetLengthSid(@sid) end |
#to_s ⇒ Object Also known as: to_str
Returns the binary SID in string format suitable for display, storage or transmission.
297 298 299 300 301 302 303 304 305 |
# File 'lib/win32/security/sid.rb', line 297 def to_s ptr = FFI::MemoryPointer.new(:pointer) unless ConvertSidToStringSid(@sid, ptr) raise SystemCallError.new("ConvertSidToStringSid", FFI.errno) end ptr.read_pointer.read_string end |
#valid? ⇒ Boolean
Returns whether or not the SID is a valid sid.
317 318 319 |
# File 'lib/win32/security/sid.rb', line 317 def valid? IsValidSid(@sid) end |
#well_known? ⇒ Boolean
Returns whether or not the SID is a well known SID.
Requires Windows XP or later. Earlier versions will raise a NoMethodError.
326 327 328 329 330 331 332 |
# File 'lib/win32/security/sid.rb', line 326 def well_known? if defined? IsWellKnownSid IsWellKnownSid(@sid) else raise NoMethodError, 'requires Windows XP or later' end end |